"There are a few alternatives available. Unfortunately, moving to Firefox may not be a viable option for her, especially given Mozilla’s recent behavior."
The world has gone crazy. So this relative has casually used the most bloated spyware disguised as a browser for literally a decade, but she can't switch to firefox because 'Mozilla’s recent behavior'.
What special feature does she use that is absolutely untransferable to FF?
I have both browsers icons next to each other and sometimes I launch the other by mistake. For normal browsing I only spot the difference due to various pages having different logins ie from my wife or not being logged in.
If somebody is able to use internet (god forbid even do some payments on it) then I am pretty sure they could understand the concept of another, very similar app with same behavior. Sometimes new releases change UI at least as much as those browsers differ between each other.
The UI is not exactly the same. Maybe it can be OK if I transfer all the favorites, homepage, install a Chrome-looking theme, and more importantly if I change the icon lol. Not even kidding. She only uses it because she needs to, but she would be happier without it.
I installed Ubuntu for many people in their 80s. Give her some time with FF, you don’t have to remove chrome, just hand her FF. I bet she does just fine.
Are you taking upon yourself to do this for all uBO users that need it without knowing?
If you do, you acknowledge that "Chrome disabling uBlock Origin is a serious security threat."
If you don't, then "Chrome disabling uBlock Origin is a serious security threat" seems even more true.
Either way, I'm curious on the size of your bet here. Talk is cheap, and you've only given OP the laziest and most obvious solution. Do you believe what you said is profound and/or an interesting argument?
I took that comment as a good faith offer of the experience of the writer.
I’ve had both experiences myself. Sometimes the older folks manage just fine. Sometimes they don’t. Sometimes it’s an aversion to change, sometimes it’s to cope with cognitive decline, and sometimes they just like one thing or the other, just like anyone.
I think it's mainly having to set it up. Which isn't that much work for basic users but still entails: making a new account (Mozilla), data migration, installation on other devices, add-on installation, syncing, configuration, etc.
Advocating for the entire browser landscape to be taken over by Chromium is definitely not a middle ground. It's letting the world's largest ad company be the dictator of the web.
I never advocated for that. There's nothing saying a fork has to be 100% in sync with upstream and can cherry-pick what parts it wants to keep. Besides that, there's other Blink-based browsers which are very similar but another level removed from Google
Using a fork to work around Google marking addons are malicious seems like a middle ground between "living with ads" and "using a whole new browser the author has political issues with"
Chrome/Chromium is not a bad browser, and that's not what the commentor you're replying to said. The chromium family all uses a single browser engine. It's bad for the health of the web if everyone uses the same engine. If everyone uses the same engine, any bug, vulnerability, or engine quirk is experienced by EVERYONE if there's only 1 browser.
I don't see the difference. Unless the forks become completely independent, Google will have an outsized influence over them. If Firefox goes down without a replacement independent of Chromium, it'll be the end of the open web.
The problem is that any forks wanting to keep MV2 addons available, is to backport the code for each update. The user would need to sideload the addon since it won't be in the Chrome addon store, and that if the uBo dev even maintain the Chrome version after official support is dropped.
define 'simple'. if chrome ripped the whole extension framework out of the source code, a 'simple' fork will suffer the same fate. (notably Edge also doesn't support uBlock Origin anymore.)
They haven't ripped the whole extension framework (yet...) they just marked 1 extension as "malicious" which causes Chrome to automatically disable it. Presumably this is based on proprietary logic that ties Chrome to the Chrome Web/Add-on Store
I've been using Firefox for nearly 15 years and there's technical reasons, too. Mainly memory leaks (which I haven't noticed for a few years anymore) and loading just "feels" slower. Webrender with GPU acceleration helped but it was much more complicated poking at about:config than it "just working"
Recently, I've noticed a "this SaaS only works in Chrome" trend again. Usually that means "only works in Blink" but it still sucks if you need to use SaaS (for work) that has this silly limitation. I've noticed cheaper restaurant web ordering software tends to have problems in Firefox.
For technical or even semi-technical folks those aren't an issue. For non-technical folks, those issues above can easily lead to a poorer web experience without them understanding why. On the other hand, the author didn't actually call out technical issues
The reason Firefox feels slower is because it uses a subpar caching strategy that's minimizing RAM usage. Otherwise, they could no longer claim Chromium is "wasting memory" which is Firefox-speak for "we refuse to implement comprehensive caching"
iirc more about:config tweaks from FasterFox project helped a bit. Anecdotally, I've never seen Chromium be any more or less memory efficient (well maybe 10 years ago but not recently). For the longest time, if you left Firefox sitting open > than 1-2 weeks it'd start leaking memory to the tune of 10s of GB
Chromium is pretty good about suspending pages when it's left sitting for long periods of time
Chromium is amazing about suspending pages, & evictions in general. They maintain multiple levels throughout the render pipelines, and because the tabs are composed of individual processes, it can trade-off somewhat against kernel. This is what a comprehensive caching strategy is: a layered, machine-aware strategy that is both aggressive and predictable under real workloads. It wasn't always perfect, but it's pretty near-perfect these days. And this is not even considering V8 and the talent pool it has acquired due to quality engineering and the network effect that came from it.
Firefox engineers are trying, and you cannot blame them (like you would blame Mozilla) because it has not seen the kind of commitment from industry talent that Chromium. There have been multiple re-writes of major components in Chromium, and they tried really hard to keep the codebase somewhat up-to-date. Firefox is comparatively dated, it's not at all sexy; had people understood this, they wouldn't be so quick with jumping to conclusions, & all. There are many objective, engineering reasons why Firefox is lagging behind the gigantic Chromium+V8 ecosystem of browsers and JS backend industry. For some champagne-socialist reason, it's really vogue to call for Firefox adoption, donating to Mozilla, etc. However, it's rarely an argument made on merit. I think, they just hate to admit that Google has largely succeeded in elevating Chromium to the likes of Linux. If you're making a browser in 2025, unless you're making an artistic point a-la privacy, or contra Chromium specifically, you would rather pick it up at upstream like you would pick up Linux, instead of re-inventing the kernel because Linux bad. That is not to say that OpenBSD, or whatever, Plan9—is without merit, just that it wouldn't surprise anybody had you picked Linux for the job. If you hate Google's SWE people, or its leadership that ostensibly could sway the course of Chromium development, then this is probably really painful! If you don't hate them, you just carry on about your business. And so everyone complies. Because why the hell wouldn't you? There's battles to fight, and there's the other kind.
It doesn't help that Mozilla is cutting the branch from underneath itself.
At this point, I wouldn't be surprised if the complaints I see against Firefox is a campaign to keep people on Chrome. But more likely it's just an excuse due to laziness. Either way these people can be dismissed outright.
For those who can, i'd say migrate to firefox-based privacy respecting browsers (librewolf, zen, waterfox, ironfox, ...)
And help those who can't find alternatives to uBlock Origin and keep some of their privacy
Security fixes to Firefox may take days or weeks to reach downstream forks. That tradeoff may be worse than just setting them up with some privacy settings in Firefox itself.
I'll go against the grain and say this is not a security threat. if missing ublock is a true security concern you shouldn't be using chrome. Because the opposite is not true - that chrome+ublock is keeping you secure from tracking.
There are malicious ads and dark patterns around ad design to trick users into clicking them. I don't think it's security in the "vulnerability" sense or "privacy" sense but more in the "phishing prevention" sense.
Think of those "click here to OPTIMIZE YOUR PC" adware junk you'd prefer anyone you provide tech support for to never see
The article is about blocking ads that contain malware (which are surprisingly common). Preventing tracking is a whole different ballgame that isn't covered by the article
Google has shown itself to be perfectly happy taking money from criminals and their ad network does push malware. To that end their ad business is a security threat.
This is unpopular every time I say it, but by in large people just shouldn't be browsing the web on mobile. Every single aspect of the experience is worse, and is likely to continue to get worse over time:
- tiny phone screen
- objectively worse mobile-site
- far worse touch-screen-based UI
- the entire iOS side of things has far fewer choices for any sort of effective ad blocking
Is it possible for a savvy technologist to overcome these problems? Yes, but it's like disabling junk in Windows: you're playing a game of cat and mouse and slowly losing the battle over time.
Speaking for me, but this might be because while your points are valid:
> Every single aspect of the experience is worse
this is wrong (I can tell you that when my SO falls asleep hugging me in the bed, the mobile is a far better experience than a laptop to browse the web for instance - the tiny screen is a feature in this case), and it seems you are missing the elephants in the room that explain why people are using mobile despite those issues, and you are not addressing the use cases.
This makes your comment read like you are disconnected from reality. You might not be wrong, and it might just be a matter of changing the perspective a bit. In the new perspective, you would show that you understand why people actually browse the web on mobile and address the issues from there.
"You should not browse the web from a mobile" doesn't help at all. Most people do it, and although it's imperfect, people seem to go on on their lives anyway.
You probably need to motivate your view a bit more (so we can go from "is it indeed the case that we should stop browsing the web from a mobile?" to "this person is right, we should definitely stop doing this, what now?"), and address the specific use cases where people use the mobile and provide alternatives.
Alternatives like "just don't browse at the bus stop, allow your mind to be bored / to relax a bit" are perfectly valid. One can disagree with the proposal, but that's one solution.
90% mobile here, block everything but HTML most of the time, works for reading, music, banking, and online buying/selling
self employed, juggling many things, on the road a lot, dont watch more than 2 short videos a week,
and actualy cant say that there is anything media wise that compels me to use a larger screen....which is reserved for actual media creation, not consumption
100% agree that touch screen UI is not very good, horrible, but the missing components of instant
connection to a lap top or desk top, or just keyboard and bigger screen are not quite a set up and forget thing, yet.
I always "upgrade" to laptop or dual monitor desktop for those reasons but it's impractical to carry a larger device around all the time. There should be some middle ground where mobile is still usable without being incredibly slow even if it's still not an optimal experience.
> people just shouldn't be browsing the web on mobile
While you might be right, it's a pointless advice given most internet users since the last decade or more only owns a single internet capable device, which is their mobile.
> And the goal here is to protect her from malwares, not trackers (well at least that's not a priority).
Given how intransparent the programmatic advertising industry is and how often malicious actors have abused such advertising networks to spread malware... there is no distinction to make.
It's probably a threat to your mind & sanity more than security. This is very obviously aimed at streaming more ads into your head. I don't doubt google's security/engineering chops but if google could prop up your eyelids with toothpicks to ensure continuous ad watching they would...
Yeah but that's another topic (maybe more important, but less immediate and actionnable). yesterday my relative just downloaded a malware. That's something we can do something about!
I answered the questions half way myself.The ext. gets disabled because it is manifest 2 not manifest 3. Manifest 2 will be disabled by ~mid 2025 in the Store.
I stopped using Google services at the beginning of this year. I transitioned from Chrome to Firefox and from a standard Android device to one without Google accounts and apps. While this setup is suitable for tech-savvy individuals, it can be challenging for someone like my mom.
To address this, I bought her a Fairphone with a de-googled Android operating system installed out of the box. This solution works well, especially for those who prefer not to use Apple products.
For enhanced ad-blocking and security, I set up an OpenWRT router in front of the provider's router. This includes features like Adblock, DNS over HTTPS (DoH), DNS over TLS (DoT), and DNSCrypt. This setup has been running smoothly in my parents' house for over three years without any issues.
Maybe in part due to regulatory pressures over privacy, IDN, Chrome includes "site settings" to disable Javascript, etc. on a site by suite basis. It also includes "request blocking" in DevTools. These settings can provide some of the blocking that uBlock provides. To some this can be quite useful. Why there is no way to export and import these settings. It is commmon with open source mobile apps in the www/networking category for example to have the ability to import and export settings.
No, it takes way more than that. That's basically what running a Pihole does, which barely blocks anything these days.
Good ad blocking requires you to be able to look at decrypted HTTPS traffic and remove content from the DOM, including stuff added after the fact by Javascript. That's why uBlock Origin works better than Adguard (which is a https MITM ad blocker) and why Adguard works better than Pihole (which doesn't usually MITM HTTPS).
Simple hosts blocking used to work OK two decades ago but these days so many ads are served directly from the same servers within the same HTTPS connection that it's just not enough.
> Good ad blocking requires you to be able to look at decrypted HTTPS traffic and remove content from the DOM, including stuff added after the fact by Javascript.
ironically this also sounds like a security nightmare.
You'd still have to MITM HTTPS which is non-trivial (compared to installing an extension) and accept the risks of managing your own CA
Afaik uBlock benefits from some browser APIs that can do things like prevent content from loading before the add-on is injected into the page so you'd lose some coverage there. I imagine it'd also be fairly difficult to intercept all outgoing web requests (to selectively block them) which a browser is fairly well positioned to provide an API for.
You can try, but that adds way more complexity and fragility than a simple browser extension.
That said, if you build such a product (something that can MITM HTTPS and then inject ad blocking JS on every page or video, or simply rewrite traffic to strip out ads like a packet shaping firewall, etc.) and that can make use of existing filter lists, I'd be very happy (eager, actually) to pay for it.
That is similar to how Adguard works, but that can't run on a router like Pihole does. I don't know how you'd get past the HTTPS cert issue. I think you'd first have to install that custom cert on every device connected to the router, or else have the router completely proxy every HTTPS connection and re-serve it from own domain and cert. Might run into dnssec issues too? Not really sure but sounds messy. Browser extensions don't have to worry about HTTPS and can (or could before manifest V3) directly manipulate the DOM.
That the market hasn't created one yet suggests it might be difficult. But I'd love to see one.
AdGuard does a good job if you're happy sending them your DNS queries. You'll still want to adopt a layered approach however, and that will involve a browser based ad blocker.
I second setting up AdGuard. It is the simplest solution for non-techies to use to help mitigate the problem here wihtout switching browsers. Although I would recommend doing both.
uBlock can do fairly sophisticated content blocking and rules that rely on the page being rendered out. Even with tls MiTM you'd need to fully render the page and run JS
Just yesterday I noticed it managed to block self hosted Snowplow (clickstream analytics) JS library without blocking other scripts on the same CDN/domain.
This is what I was doing around 25 years ago before ad blockers were a thing, and the web was not encrypted... (Python didn't exist yet, the proxy was a lot of code in Object Pascal, i.e. Delphi)
I run a pihole and I don't regret it, but it's nowhere near ublock in capability. Ublock's more important filters are selecting individual scripts and even page elements.
Nope, cannot be done like this.
You can block just some of the ADs on websites.
But for example YouTube requests for video chunks, is same domain as ADs.
So you would have Youtube with ADs.
Much easier solution, which everyone should made years ago, STOP using Chrome crapbrowser.
I thought chrome was already doing this for some google domains and using their own DNS vs. the operating DNS? Maybe I’m wrong, but I thought this was a thing.
I have clients who use Chrome and when uBO was removed, I installed the Lite version and now some of them have gotten malware. It's not good enough. Will need to switch to another browser.
Sad realization: blocking ad blockers is copy protection from a decade or two ago and blocking ads is nowadays basically cracking websites and browsers.
The world has gone crazy. So this relative has casually used the most bloated spyware disguised as a browser for literally a decade, but she can't switch to firefox because 'Mozilla’s recent behavior'.